package org.cryptomator.windows.keychain;

import com.fasterxml.jackson.core.JacksonException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.cryptomator.integrations.common.OperatingSystem;
import org.cryptomator.integrations.common.Priority;
import org.cryptomator.integrations.keychain.KeychainAccessException;
import org.cryptomator.integrations.keychain.KeychainAccessProvider;
import org.cryptomator.windows.common.Localization;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Priority(1000)
@OperatingSystem(OperatingSystem.Value.WINDOWS)
/* loaded from: input_file:org/cryptomator/windows/keychain/WindowsProtectedKeychainAccess.class */
public class WindowsProtectedKeychainAccess implements KeychainAccessProvider {
    private static final String KEYCHAIN_PATHS_PROPERTY = "cryptomator.integrationsWin.keychainPaths";
    private static final Logger LOG = LoggerFactory.getLogger(WindowsProtectedKeychainAccess.class);
    private static final Path USER_HOME_REL = Path.of("~", new String[0]);
    private static final Path USER_HOME = Path.of(System.getProperty("user.home"), new String[0]);
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper();
    private final List<Path> keychainPaths;
    private final WinDataProtection dataProtection;
    private Map<String, KeychainEntry> keychainEntries;

    public WindowsProtectedKeychainAccess() {
        this(readKeychainPathsFromEnv(), new WinDataProtection());
    }

    WindowsProtectedKeychainAccess(List<Path> list, WinDataProtection winDataProtection) {
        this.keychainPaths = list;
        this.dataProtection = winDataProtection;
    }

    private static List<Path> readKeychainPathsFromEnv() {
        return parsePaths(System.getProperty(KEYCHAIN_PATHS_PROPERTY, ""), System.getProperty("path.separator"));
    }

    static List<Path> parsePaths(String str, String str2) {
        return (List) Arrays.stream(str.split(str2)).filter(Predicate.not((v0) -> {
            return v0.isEmpty();
        })).map(str3 -> {
            return Path.of(str3, new String[0]);
        }).map(WindowsProtectedKeychainAccess::resolveHomeDir).collect(Collectors.toList());
    }

    private static Path resolveHomeDir(Path path) {
        return path.startsWith(USER_HOME_REL) ? USER_HOME.resolve(USER_HOME_REL.relativize(path)) : path;
    }

    public String displayName() {
        return Localization.get().getString("org.cryptomator.windows.keychain.displayName");
    }

    public void storePassphrase(String str, String str2, CharSequence charSequence) throws KeychainAccessException {
        loadKeychainEntriesIfNeeded();
        ByteBuffer encode = StandardCharsets.UTF_8.encode(CharBuffer.wrap(charSequence));
        byte[] bArr = new byte[encode.remaining()];
        encode.get(bArr);
        byte[] generateSalt = generateSalt();
        byte[] protect = this.dataProtection.protect(bArr, generateSalt);
        Arrays.fill(encode.array(), (byte) 0);
        Arrays.fill(bArr, (byte) 0);
        this.keychainEntries.put(str, new KeychainEntry(protect, generateSalt));
        saveKeychainEntries();
    }

    public char[] loadPassphrase(String str) throws KeychainAccessException {
        byte[] unprotect;
        loadKeychainEntriesIfNeeded();
        KeychainEntry keychainEntry = this.keychainEntries.get(str);
        if (keychainEntry == null || (unprotect = this.dataProtection.unprotect(keychainEntry.ciphertext(), keychainEntry.salt())) == null) {
            return null;
        }
        CharBuffer decode = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(unprotect));
        char[] cArr = new char[decode.remaining()];
        decode.get(cArr);
        Arrays.fill(unprotect, (byte) 0);
        Arrays.fill(decode.array(), (char) 0);
        return cArr;
    }

    public void deletePassphrase(String str) throws KeychainAccessException {
        loadKeychainEntriesIfNeeded();
        this.keychainEntries.remove(str);
        saveKeychainEntries();
    }

    public void changePassphrase(String str, String str2, CharSequence charSequence) throws KeychainAccessException {
        loadKeychainEntriesIfNeeded();
        if (this.keychainEntries.remove(str) != null) {
            storePassphrase(str, charSequence);
        }
    }

    public boolean isSupported() {
        return !this.keychainPaths.isEmpty();
    }

    public boolean isLocked() {
        return false;
    }

    private byte[] generateSalt() {
        byte[] bArr = new byte[16];
        UUID randomUUID = UUID.randomUUID();
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        wrap.putLong(randomUUID.getMostSignificantBits());
        wrap.putLong(randomUUID.getLeastSignificantBits());
        return bArr;
    }

    private void loadKeychainEntriesIfNeeded() throws KeychainAccessException {
        if (this.keychainEntries == null) {
            Iterator<Path> it = this.keychainPaths.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Optional<Map<String, KeychainEntry>> loadKeychainEntries = loadKeychainEntries(it.next());
                if (loadKeychainEntries.isPresent()) {
                    this.keychainEntries = loadKeychainEntries.get();
                    break;
                }
            }
        }
        if (this.keychainEntries == null) {
            LOG.info("Unable to load existing keychain file, creating new keychain.");
            this.keychainEntries = new HashMap();
        }
    }

    Optional<Map<String, KeychainEntry>> loadKeychainEntries(Path path) throws KeychainAccessException {
        LOG.debug("Attempting to load keychain from {}", path);
        TypeReference<Map<String, KeychainEntry>> typeReference = new TypeReference<Map<String, KeychainEntry>>() { // from class: org.cryptomator.windows.keychain.WindowsProtectedKeychainAccess.1
        };
        try {
            InputStream newInputStream = Files.newInputStream(path, StandardOpenOption.READ);
            try {
                InputStreamReader inputStreamReader = new InputStreamReader(newInputStream, StandardCharsets.UTF_8);
                try {
                    Optional<Map<String, KeychainEntry>> ofNullable = Optional.ofNullable((Map) JSON_MAPPER.readValue(inputStreamReader, typeReference));
                    inputStreamReader.close();
                    if (newInputStream != null) {
                        newInputStream.close();
                    }
                    return ofNullable;
                } catch (Throwable th) {
                    try {
                        inputStreamReader.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                if (newInputStream != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        } catch (NoSuchFileException e) {
            return Optional.empty();
        } catch (IOException e2) {
            throw new KeychainAccessException("Could not read keychain from path " + path, e2);
        } catch (JacksonException e3) {
            LOG.warn("Unable to parse keychain file, overwriting existing one.");
            return Optional.empty();
        }
    }

    private void saveKeychainEntries() throws KeychainAccessException {
        if (this.keychainPaths.isEmpty()) {
            throw new IllegalStateException("Can't save keychain if no keychain path is specified.");
        }
        saveKeychainEntries(this.keychainPaths.get(0));
    }

    private void saveKeychainEntries(Path path) throws KeychainAccessException {
        try {
            OutputStream newOutputStream = Files.newOutputStream(path, StandardOpenOption.WRITE, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
            try {
                OutputStreamWriter outputStreamWriter = new OutputStreamWriter(newOutputStream, StandardCharsets.UTF_8);
                try {
                    JSON_MAPPER.writeValue(outputStreamWriter, this.keychainEntries);
                    outputStreamWriter.close();
                    if (newOutputStream != null) {
                        newOutputStream.close();
                    }
                } catch (Throwable th) {
                    try {
                        outputStreamWriter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new KeychainAccessException("Could not read keychain from path " + path, e);
        }
    }
}
